top of page
RJ-mcloud-logo.png

Privacy Notice

Purpose

Welcome to OCU Group Limited’s privacy policy.

OCU Group Limited respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

We respect the privacy of every individual who visits our site. We take your right to privacy seriously and want you to feel comfortable when using this site. If we ask you to provide personal information when using this site, you can be assured that it will only be used in accordance with this privacy policy.

Please note that we may update and amend this privacy policy from time to time and any changes will be posted on our site. We will notify you of any significant changes to how we use your personal information.

Identity of Data Controller

For the purpose of data protection law, the data controller is OCU Group Limited (company number 9307607) of registered office: Artemis House, 6-8 Greek Street, Stockport, SK3 8AB. 

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise, please contact the DPO using the details set out below.

If you have any questions about this privacy policy or our privacy practices, please contact our DPO in the following ways:

  • Full name of legal entity: OCU Group Limited

  • Email address: michael.cornwell@ocugroup.com 

  • Postal address: Artemis House, 6-8 Greek Street, Stockport, SK3 8AB

 

What Do We Collect and When Do We Collect It?

We may ask you to provide the following types of personal information when you sign up for a newsletter, create an account, contact us or use our site:
• your name;
• contact information;
• information regarding your personal or professional interests; or
• demographics such as your date of birth, address, and gender.

Our primary goal in collecting information from you is to provide a smooth, efficient and customised experience for you while using our site and in order to provide you with further information about our services.

We may collect your personal information:

• when you register to use our site or sign up for updates from us;
• when you contact us to ask a question, make a suggestion, report a problem or for any other reason;
• when you use interactive services on our site (such as bulletin boards, forums and features that allow you to post reviews or other materials).

When you visit our site, if you give us permission to use cookies (more information on this is below) we will also collect:

• details of your visits such as how long you have visited the site, pages you have viewed and resources accessed, how long you have visited particular areas of the site, how you have used any interactive features; including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access; and/or
• information about your device or computer, including, where available, your location, your IP address, operating system and browser type.

If you are aged under 18, please get your parent or guardian’s permission before you provide any personal information to us. Users under 18 without this consent are not permitted to and should not provide us with personal information.

What Do We Do With Your Personal Information?

We may use your personal information to: we use information to provide you with information about OCU Group and our services. This information may include your name, your contact details and any further relevant information needed.

Site Registration and Activity: we may use information you give us to register you as a user of our site and administer your site accounts. If you have activated cookies – we use this information to remember you on our site and provide you with a better experience on our site, such as pre-populating fields with your preferences (this might include your location). We also use information about how you use your account and our site to improve our site and better under understand user behaviour on our site.

Respond and process enquiries, suggestions and complaints: if you make an enquiry, suggestion or complaint, including through the ‘Contact Us’ page of this site, we will use that information to provide you with an appropriate solution and to improve our services and communications. Please note information submitted through this site will be sent to members of our team who need access to that information in order to respond to you. Sometimes we need to use the information to comply with our contractual and regulatory requirements.

Legal and regulatory purposes: we may use personal data that we have gathered from you or third parties (such as law enforcement) to comply with our legal obligations or for other legal reasons – for example to report fraudulent activity.

What Is Our Legal Basis For Using Your Personal Information?

We only use your personal information where that is permitted by laws that protect your privacy rights.

We will only use your personal information where:

• we have your consent (if consent is needed);
• we need to use the information for legal purposes;
• we need to use the information to perform a contract with you;
• it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you (what is known as a ‘legitimate interest’).

 

How Long Do We Keep Your Personal Information For?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.

 

Sharing Your Personal Information

We may share your personal information with the following categories of third parties:

• our service providers where necessary to make the services available to you such as suppliers of IT services;
• to promote our services to you, such as marketing agencies and social media platforms;
• where we or our group or substantially all of its assets are acquired by a third party, personal information held by us will be one of the transferred assets and your personal information will be transferred to the new owner, to be used for the purposes set out in this privacy policy;
• where necessary to protect the rights, property, or safety of our group of companies, our clients, or others we may share personal information with law enforcement agencies.

 

Your Rights

You have the right to ask us for access to your information, and to change, delete or move your personal information. To exercise these rights please contact us via email or phone number on our ‘Contact Us’ page. Further information on your rights is set out below.

The Right To Access Information We Hold About You

At any point you can contact us to request access to a copy of the information we hold about you as well as why we have that information, who has access to the information and where we got the information. You can make a request for access by contacting us as noted below.

The Right To Correct And Update The Information We Hold About You

If the personal information we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.

The Right To Have Your Information Erased

You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.

The Right To Object To Processing Of Your Personal Information

You have the right to request that we stop processing your personal information. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If personal data is no longer processed, we may continue to hold your personal information to comply with your other rights.

The Right To Withdraw Consent

If you have given us your consent to use your personal information to send you marketing emails, you can withdraw your consent at any time by clicking the ‘unsubscribe’ link in any marketing email which you receive.

The Right To Data Portability

You have the right to request that we transfer your personal information to another controller. Once we have received your request, we will comply where it is feasible to do so.

Make A Complaint

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Information Security

To protect your information, we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.

To make sure all employees, contractors and subcontractors understand these responsibilities they are provided with the necessary training and resources they need.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.

To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.

Transfers Of Your Information Out Of The UK

The personal information that we collect from you may be transferred to, and stored at, a destination outside of the UK. It may also be processed by staff operating outside the UK who work for us or for one of our suppliers. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring either that the countries have been deemed to provide an adequate level of protection for personal data or we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. For more information on how we do this please contact us.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies

What Are Cookies?

Cookies are small text files which are stored on your browser or your computer’s hard drive when you visit our website. The file is added to your browser or hard drive and the cookie allows the server to recognise you when you order a product or when you revisit.

Please note that cookies can’t harm your computer. Cookies cannot be used by themselves to identify you.

We don’t store personally identifiable information such as email address in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Our Use Of Cookies

To make full use of the features on our website, you will need to accept cookies: accepting these cookies is the only way we can provide you with a fully functional tailored service.

We last updated this notice in June 2025

  • We are RJ McLeod (Contractors) Ltd (“RJM”), and we’re responsible for the personal information we collect and use in connection with our services. Under data protection laws, this makes us the “data controller.”


    Throughout this notice, when we use terms like “we,” “us,” “our,” or just “RJM,” we’re referring to RJ McLeod (Contractors) Ltd.


    RJ McLeod (Contractors) Ltd is part of OCU Group, which means we align our data protection governance with OCU Group and other companies within the Group. It also means that we share data within the Group.

  • Our company registration details are:


    • RJ McLeod (Contractors) Ltd is a company incorporated in Scotland.

    • Registration number: SC028565

    • Registered office: 2411 London Road, Glasgow, G32 8XT

  • In the UK, the Information Commissioner’s Office (ICO) is our data protection supervisory authority. Here are our details:


    • Data Controller Name: RJ McLeod (Contractors) Ltd

    • ICO Registration Reference: Z5422066


    We also maintain separate data protection registrations for other companies within OCU Group. If you’d like to know who they are, you can contact our Privacy & Data Protection Team.

  • If you ever have a question about how we’re handling your personal information or want to exercise a right regarding your data, you can contact our Data Protection Officer (DPO).


    Postal Address

    Data Protection Officer

    2411 London Road

    Glasgow

    G32 8XT


  • We’ll talk more about your specific rights later on in this notice, things like requesting a copy of your personal information or asking us to delete it. But if at any point you want to exercise one of these rights, just get in touch using the details above.

  • Our website and our services are not intended for children, and we do not knowingly collect personal data relating to children. If you are under the age of 16, please obtain consent from your parent or guardian before submitting any personal data to us. If you’re a parent or guardian and believe your child has provided us with their personal data without your consent, please contact us, and we’ll do our best to erase that information or unsubscribe them.

  • We’re committed to upholding your privacy and protecting the information we hold. Data protection laws continue to evolve, and so do we, in fact our privacy notice may be updated from time to time to reflect new laws, regulations, or how we use your personal information. The version displayed here is always the most up-to-date.


    We encourage you to re-visit this notice now and then, so you’re aware of any relevant updates we’ve made.

  • Under the UK GDPR, personal information means:


    “Any information relating to an identified or identifiable natural person (‘data subject’).”


    That’s quite a broad scope, and it can be anything from a name or email address to more technical data like your IP address. Essentially, if it’s information that can identify you (directly or indirectly), it’s personal data.

  • We only collect personal information that is appropriate, lawful, and relevant to our relationship with you. Below are categories of data we may collect:


    Identity Information May include name, title, date of birth, national insurance details, or other official identity data.

    Contact Information May include email address, telephone number, postal address, and social media handles.


    Technical Data Internet Protocol (IP) address, browser type and version, time zone settings, location, and other technology on the devices you use to access our website or services.


    Marketing & Communications DataInformation about your communication preferences, such as how and when you’d like us to contact you.


    Work and role specific information If you’re an employee, a contractor, or part of a contracting organisation, we’ll process personal information that is relevant to your role and work.


    Location Data If you enable location services on your device and use certain features, we may use this to provide location-based services (e.g., showing you site offices near you or other relevant content).


    Transactional & Financial Information If you or the organisation you work for purchase from us or we issue invoices, we may collect billing addresses, payment details, and transaction logs.


    Special Categories of Personal Information Typically, we do not process special category data (like health or biometric data) unless it is for a specific purpose (e.g., recruitment or handling an internal HR matter) and we’re legally allowed to do so.


    Criminal Data or Background Checks There may be instances (e.g., safeguarding requirements) where we process criminal background checks or “DBS” checks in the UK. We only do so where strictly necessary and in accordance with local law.


    Further Information About Interactions We may collect details of reviews, comments, or other content you submit. We may also have situational or process specific privacy notices that we provide, and we’ll provide those as and when you engage with us.


    You’re welcome to browse our website without registering or submitting your personal information if that suits you better.

  • 1. Personal Information You Voluntarily Provide


    • When you visit our websites or use our online platforms, we use cookies to help tailor your experience. For details, see our Cookie Policy.

    • When you sign up for newsletters or other mailing lists.

    • When you contact us via phone, email, or social media.

    • When you attend events or training sessions we organise

    • When you appear in photos or videos that we take

    • When you apply for a job or send us your CV.

    • When you or your organisation purchases something from us.

    • When you submit personal data to us for any other reason.


    2. Personal Information Provided by Others


    • Sometimes we receive your data from third parties (e.g., marketing agencies, credit reference agencies).

    • If you apply for a job, we may get references from previous employers.

    • We may also obtain publicly available information from sources like Companies House or professional networking sites.


  • Lawful Basis

    Data protection law requires that we have a lawful basis for processing your personal information. If you’d like more details about a specific processing activity, just ask. Below are some common ways we process your data, our lawful basis, and how we respect your rights:

    Processing Type

    Data Category

    Lawful Basis

    Specific Purpose & Respect for Your Rights

    Website Communication (Email, Forms, Telephone)

    Contact Data

    Contractual Obligation / Legitimate Interest

    To respond to queries or provide requested information (e.g., via “Contact Us” forms). Without processing this data, we can’t address your request. You can ask us to stop contacting you at any time, though it may affect our ability to follow up on your query or service needs.

    Customer Relationship Management (CRM)

    Identity & Contact Data

    Legitimate Interest

    We maintain a secure CRM system to keep track of Clients, suppliers, and partners, including contact form submissions. You can ask to see what we hold about you, request corrections, or ask us to remove it unless we need to keep it for legal or contractual reasons.

    Email Marketing

    Identity & Contact Data

    Legitimate Interest (existing customers), Consent (others)

    If you’re an existing Client, we may send relevant updates about our products/services under legitimate interest. If you’re not yet a Client (e.g., you sign up to our newsletter), we rely on consent, unless it’s clear to us that our relationship is of a business-to-business nature. You can unsubscribe or opt out at any time.

    Promotional Images & Video

    Identity Data

    Consent, Legitimate interests

    We may occasionally feature images or videos (e.g., from events) on our website. If you are clearly identifiable, we will seek your consent before using your photo. You can withdraw consent at any time or opt out on the spot. If photos or footage is of a whole room or crowd, we’ll rely on our legitimate interests as the lawful basis.

    Website Analytics (Statistics & Usage)

    Technical & Usage Data

    Consent (for non-essential cookies), Legitimate Interest (for essential cookies)

    We use analytics tools, often called cookies and other tracking information to understand how visitors use our site. We request consent for any non-essential cookies. You can manage or withdraw cookie preferences at any time.

    Marketing Engagement Metrics

    Identity, Contact, Technical & Usage

    Consent

    With your consent (e.g., cookie acceptance, email open tracking), we monitor interactions with our website, emails, or social channels to tailor future communications and improve marketing effectiveness. You can revoke consent or opt out of marketing at any time.

    Administrative Purposes & Group Operations

    Identity, Contact, Financial, etc.

    Legitimate Interest

    We may share certain website-generated information within our Group (or with service providers) for business continuity, IT hosting, invoice management, or similar operational needs. This includes ensuring the site functions properly and your data remains consistent across our internal systems.

    Job Roles & Recruitment (through our dedicated Careers site)

    Identity, Contact, (Special Category if relevant)

    Contractual Obligation / Legitimate Interest

    If you apply for a job via our website, we process your application details (e.g., CV). We will share your details with our Recruitment and HR teams to see if there are suitable roles. You can ask us not to share further, though it may affect your application. We only process special category data if required for the role/law.

    Security & Safety

    Identity, Technical, Usage

    Legal Obligation / Legitimate Interest

    We may process personal information for security monitoring, fraud prevention, and threat detection (e.g., IP logs, suspicious activity flags). We also use CCTV at our physical sites and could reference relevant footage if necessary to investigate incidents or for compliance.

    Sharing Information with Auditors & Authorities

    Identity, Contact, Financial, Special Category

    Legal Obligation

    If required by law, we share data with regulators (e.g., HMRC, ICO) or in connection with legal proceedings (e.g., fraud investigations). We only disclose the minimum necessary to comply with these obligations.

    When You Provide Consent

    If we rely on consent, you can withdraw it at any time. Any processing done up to that point remains lawful.


    When We Rely on Legitimate Interest

    We do a legitimate interest assessment to ensure our interests do not override your fundamental rights and freedoms.


    Use Permitted Under Applicable Laws

    Sometimes, we might process personal data without your knowledge or consent where it is required or permitted by law.


  • We may share your personal information with trusted third-party processors or recipients to deliver the services or products you request. This could include:


    • Other OCU Group companies (including international colleagues, where relevant)

    • Vendors and service providers offering services including, IT support, hosting, auditing, legal advice, payment or delivery services, marketing.

    • Regulatory bodies or law enforcement where required (e.g., to aid investigations or meet legal obligations)

    • Potential buyers or investors if we sell or integrate parts of our business


    We conduct due diligence on third parties to ensure they meet our standards and will only process personal data in accordance with our instructions.


    Third-Party Links

    Our website may contain links to external sites that we don’t control. If you follow a link to a third-party site, their privacy policy will apply, not ours. We encourage you to read their policies carefully.

  • Sometimes, our data processors or group entities are outside the UK, so your personal information may be transferred internationally. We safeguard these transfers and will generally use these mechanisms:


    • Adequacy decisions (where the recipient country is deemed by the UK to have adequate data protection), or

    • Standard contractual clauses approved by the UK authorities.


    We also perform due diligence to ensure these partners follow strict data protection standards.

  • Unauthorised Access

    We have put in place security measures to protect your information from unauthorised access, alteration, or disclosure. However, no system is entirely foolproof, and sending data electronically is always at your own risk.


    Specific Access

    We limit access to your personal data to employees, agents, and contractors who need it to do their jobs and who are under confidentiality obligations.


    Vulnerabilities

    We have procedures to detect, manage, and notify relevant parties of any personal data breaches, where required by law.

  • We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including any legal or regulatory requirements. When deciding the retention period, we consider:


    • Amount, nature, and sensitivity of the data

    • Potential risk of harm from unauthorised use or disclosure

    • The reasons for processing and whether they can be achieved by other means


    If you’d like specifics about our retention schedules, feel free to contact us.

  • If you live in the UK or EEA or in other locations around the world, you most likely have the following rights, in any case, we recognise and respect the following rights which we apply to the personal information we process:


    1. Right of Access

      Request a copy of your personal data (a “Subject Access Request”).


    2. Right to Rectification

      Ask us to correct any inaccuracies or complete missing details.


    3. Right to Erasure (“the right to be forgotten”)

      Ask us to delete data if there’s no lawful basis to keep it.


    4. Right to Restrict Processing

      In certain cases, ask us to stop using your data for a period of time.


    5. Right to Portability

      Request a structured, machine-readable copy of certain data to transfer to another organisation.


    6. Right to Object

      Object to processing that relies on legitimate interest or direct marketing.


    7. Right to Withdraw Consent

      If we rely on consent, you can withdraw it any time.


    8. Right to Object to Automated Decision-Making, Including Profiling


       If any automated decisions produce legal or similarly significant effects.


    If you want to exercise any of these rights, just reach out to us via the contact methods above. We’ll address your request within the timelines required by law.

  • We aim to handle your personal information responsibly, but if you feel we’ve fallen short:


    1. Contact Us First

      Please email or write to our DPO so we can try to resolve your complaint.


    2. Right to Lodge a Complaint

      If you’re unhappy with our response, you can complain to the Information Commissioner’s Office (ICO) in the UK.


    ICO Contact Details

    Postal Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

    Web: https://ico.org.uk/make-a-complaint/

    Telephone: 0303 123 1113

  • If you have any queries about this Privacy Notice or want to know more about how we handle your personal data, please contact our DPO using the details provided. We’ll do our best to give you the information and reassurance you need.


    This Privacy Notice is effective as of June 2025. We may update it now and then, and we’ll post any changes here so you’re always aware of the current version.

bottom of page